I am trying to use sleuthkit/autopsy to recover deleted photos from my hard drive, but first I need to make an image of the entire drive, I don't know how to use the dd command and the man pages seem like another language to me, I followed some instructions and ended up with a "file".img.gz but I think I need an .iso, or maybe just an .img, can someone cleverer than me tell me what to type at the command line to do this? Or alternately I downloaded a small app called ubercopy (a front end to dd) - but there are no instructions available on how it works...

dd if=/dev/hda1 of=/hdimage.raw
will pull the first partion of the first drive. (normal windows drive C
dd if=/dev/hda2 of=/hdimage.raw
will pull the second partion of the first drive.
dd if=/dev/hda3 of=/hdimage.raw
will pull the third partion of the first drive.
dd if=/dev/hdb1 of=/hdimage.raw
will pull the first partion of the second drive.

dd if=/dev/hdb2 of=/hdimage.raw
will pull the second partion of the second drive.

bigger better uncut:
dd if=/dev/hda of=/hdfullimage.raw
will pull total drive with boot MBR included
other methods.
growisofs uses dd to burn direct to DVD (I use this all the time)
growisofs -Z /dev/dvd=/dev/hda
will burn the first 4.7GiB of the first drive directly to DVD in raw format.

... growisofs uses dd to burn direct to DVD (I use this all the time)
growisofs -Z /dev/dvd=/dev/hda
will burn the first 4.7GiB of the first drive directly to DVD in raw format.

Hey Ted, is that from the very beginning of the hard drive? (I.e., does it include the boot sector or partition with the MBR etc.?) If so, does the reverse command restore the first 4.7 GB of the hd to just the way it was?

yes and yes
this does back up full HD including MBR, hidden Windows storage & unused cruff. The resulting disk image is restored.
after DVD is burned the HD image is restored with

Code:

dd if=/dev/dvd of=/dev/hda

Simple as can be, now package a nice complicated GUI around it and sell it for big bucks!!

One minor flaw and its all my fault. If you backup WinXP then upgrade your LAN & DVD firmware, install new video card. and then hopelessly screwup your windows install. Do not reuse earlier backup, I did and it force a 3 day only forced re-activate of my windows machine, so I am hosed for about three months (I reinstalled it two months-ago). Lession learned firmware upgrades changes the way the hardware reports to windows. Puppy rules badly hosed puppy is only a mv command and reboot away 2 minutes max!

Thanks Ted. Ha ha, I have Windows 2000 so no problems with "reactivating."

I have a notion to put Puppy on a multisession DVD and then use it to backup my W2KPro system partition to the DVD. What commands would you suggest I use to backup my W2KPro partition to the multisession DVD, and what commands to restore from the disk image on the multisession DVD?

Ted Dog wrote:

... Simple as can be, now package a nice complicated GUI around it and sell it for big bucks!!

Don't laugh! I paid good money for a program called Drive Backup! which does pretty much what you describe. I've used it a couple of times and it worked as advertised, but the restore is very slow. The company told me that's because the DVD boots DOS which then restores the hard drive, including the boot sector, from the image on the DVD. I'm hoping to use Puppy Linux to do the same thing only faster.

This is the most comprehensive documentation and example sheet for one of the most useful, and least understood linux commands, called "dd". This command has been part of UNIX since the 1970's. It is a bitstream duplicator for copying data, but can use input or output pipes to another command.

I tried to dd same sized usb flash drives(different package types one CF other just USB) . The results are bad the resulting usb drive is still alive but zero length refuses to mount on any OS and can not be recycled with HP's usb flash formater

2. The destination disk has to be identical to the source disk (including model
number and geometry). This is because dd copies the entire disk image (including
the label {vtoc}). So, if a 9Gb Seagate drive was dd'd to a 36Gb IBM drive, then
after the operation, the 36Gb IBM drive would show up as a Seagate 9Gb and there
is no easy way to reclaim the missing space.

I just want to make sure that using dd if=/dev/hda1 of=/dev/sdb1 won't have any undesired consequences.

Guest I'll have to test this on my own.
My hda1 is 12GB (10GB full) and my sdb1 is 18GB I'd very much like to keep it that way, even after using dd. After using dd I'd like my sdb1 to have 8GB free space.

2. The destination disk has to be identical to the source disk (including model
number and geometry). This is because dd copies the entire disk image (including
the label {vtoc}). So, if a 9Gb Seagate drive was dd'd to a 36Gb IBM drive, then
after the operation, the 36Gb IBM drive would show up as a Seagate 9Gb and there
is no easy way to reclaim the missing space.

I just want to make sure that using dd if=/dev/hda1 of=/dev/sdb1 won't have any undesired consequences.

I suspect that information is either obsolete or simply incorrect, but I don't really know. I suggest you do some more research before giving up on cloning the small hd to a bigger one. I know there is commercial software that does exactly that.

You cannot post new topics in this forumYou cannot reply to topics in this forumYou cannot edit your posts in this forumYou cannot delete your posts in this forumYou cannot vote in polls in this forumYou cannot attach files in this forumYou can download files in this forum